Yes, this seems right. ok yasuoka
On Thu, 18 Jun 2020 23:53:25 +0300 Vitaliy Makkoveev <henscheltig...@yahoo.com> wrote: > While pppac(4) destroy sessions by pipex_iface_fini() or by > pipex_ioctl() with PIPEXSMODE command, some sessions can be linked to > `state_list'. This case is not checked and sessions will never be > unlinked and `state_list' will be broken after session's memory freeing. > > Diff below adds session removal from `state_list' in > pipex_unlink_session(). Also unlinked session `state' sets to > PIPEX_STATE_CLOSED like pipex_close_session() does. > > Index: sys/net/pipex.c > =================================================================== > RCS file: /cvs/src/sys/net/pipex.c,v > retrieving revision 1.115 > diff -u -p -r1.115 pipex.c > --- sys/net/pipex.c 18 Jun 2020 14:20:12 -0000 1.115 > +++ sys/net/pipex.c 18 Jun 2020 16:37:44 -0000 > @@ -473,8 +473,10 @@ pipex_unlink_session(struct pipex_sessio > break; > } > #endif > - > + if (session->state == PIPEX_STATE_CLOSE_WAIT) > + LIST_REMOVE(session, state_list); > LIST_REMOVE(session, session_list); > + session->state = PIPEX_STATE_CLOSED; > > /* if final session is destroyed, stop timer */ > if (LIST_EMPTY(&pipex_session_list)) >
